(20096) Support systemd on Fedora 15 and up #145
Conversation
Add a check to see if running Fedora 15 in order to use init scripts provided by systemd. This adds compatibility for systemd on Fedora, which currently returns an incorrect failure message when persisting rules.
| when :Fedora | ||
| case proto.to_sym | ||
| when :IPv4 | ||
| %w{/usr/libexec/iptables.init save} |
There was a problem hiding this comment.
I don't seem to have this file on Fedora 18 ... does it need a package to be installed to work?
There was a problem hiding this comment.
It seems iptables was removed in favor of firewalld in Fedora 18. Would it make sense to say Fedora 18 and up are unsupported until a firewalld provider is implemented? I'd be happy to work on a pull request for that and amend this one so it will fail on Fedora 18+.
There was a problem hiding this comment.
@ecbypi well, firewalld drives iptables I see. Hmm. Perhaps the module should disable firewalld, I see things should work without it - and I'm not sure if firewalld adds complete and utter coverage of iptables functionality. Some users would want to tap very specific options, and I don't think firewalld exposes them all - unless you use --direct which allows you to pass through iptables commands directly - but they look like they aren't even persisted. Damn Fedora messing with stuff :-).
There was a problem hiding this comment.
@ecbypi looks like that missing executable is provided with 'iptables-services' - the path is different as well, its '/usr/libexec/iptables/iptables.init' ... I think this is the rough path I would take until someone does something about a firewalld provider: a) shutdown firewalld stop it from starting b) install iptables-services c) purge and override the firewalld stuff in favour of whats in puppet.
I mean, it still works - and it gives people ongoing continuity if they already have firewall rules in puppet when they go to Fedora 18 (well, really I'm more worried about the majority moving to rhel7 here obviously).
There was a problem hiding this comment.
@ecbypi anyway, this isn't helping getting your patched merged. I think with this new knowledge I'd prefer to add the path variant for Fedora 18 until this is sorted. Bonus points if you wanted to do the other stuff, but at least sort out the path variant for now so people can 'manually' sort themselves out. Right now we already have other issues with Fedora 18 (conntrack module for example) so until they are sorted those users are blocked anyway.
|
Can one of the admins verify this patch? |
(20096) Support systemd on Fedora 15 and up
…temd-support (20096) Support systemd on Fedora 15 and up
Add a check to see if running Fedora 15 in order to use init scripts
provided by systemd. This adds compatibility for systemd on Fedora,
which currently returns an incorrect failure message when persisting
rules.